Vuln Dev
Re: Re: Help developing exploit
May 27 2007 12:15PM
KaCo678 aol com
(1 replies)
Re: Help developing exploit
May 28 2007 01:37AM
Valdis Kletnieks vt edu
On Sun, 27 May 2007 12:15:38 -0000, KaCo678 (at) aol (dot) com said:
> If I look into the esp memory to find my 0x90 nop sled the address where it's
> at is 0013f318 but I'm sure I'm not able to use a null byte..
The standard solution here is that rather than having 0x0013f318 as the
target address, you do something like this:
    load register,=x'90836388'
    xor register,=x'90909090'
    (code to branch to where that register now points)
Or declare the target address as x'9013f318' and 'xor immediate' a x'90'
into the first byte... or other similar scheme...
Copyright 2010, SecurityFocus